If you don't have direct access to key-pair, you could encrypt password on your local machine.
The way to do it is encrypt your password using key in addition to @Eric Woodruff 's ProxyCommand.
A way to combine is using pipe:
openssl rsautl -decrypt -inkey /path/to/decrypt_key -in /path/to/encrypted_password | sshpass ssh real-destination -ttwhere
Host real-destination Hostname test.com User netmoon